Monday, July 9, 2007

Thieves using stolen credit cards to make donations

Some fraudsters have become generous with other people's money, donating to charities with stolen credit cards to verify the numbers are valid before selling them, the security firm Symantec Corp. said Friday on its blog.

They might seem like modern-day Robin Hoods, but they're really just cyber-robbers.

Unverified cards fetch up to $6 while verified cards can bring up to $18, said Javier Santoyo, a manager at Symantec. "Even the bad guys want to verify the other bad guys."

The verification method has become popular because the monitoring software at credit card companies may not question donations to charities, according the Symantec blog. Santoyo said the schemers usually donate less than $10.

American Red Cross spokeswoman Carrie Martin said, "This happens all the time. We have people at the Red Cross who deal with this type of activity."

Last month alone, the Red Cross refunded 700 fraudulent credit card transactions, Martin said. That figure doesn't include the transactions the charity blocked because they appeared fraudulent.

"There's a lot of red flags we look for," Martin said. For instance, the Red Cross automatically cancels any series of donations with the same e-mail address but a variety of credit-card numbers, Martin said.

Santoyo said that consumers should monitor their credit-card statements and question even a small transaction that appears to be unauthorized, as it could indicate the card number has been stolen.

The price thieves fetch for cards depends on whether it's been validated, the number of card numbers purchased, the credit line and how much additional information is available, such as the cardholder's address or the 3-digit security code on the card, said Johannes Ullrich, chief technology officer at the SANS Institute, a network security research and educational organization.